3 Integrating with Oracle Access Manager

This chapter describes how to configure an Oracle WebLogic Server 12c installation to authenticate Oracle Enterprise Data Quality (EDQ) using Oracle Access Manager (OAM).

This chapter includes the following sections:

  3.1 Overview of Configuring WebLogic to use OAM Authentication
  3.2 Configuring an LDAP Provider
  3.3 Configuring an Oracle Access Manager Provider
  3.4 Setting Provider Priorities
  3.5 OAM Configuration
  3.6 Installing Oracle HTTP Server

3.1 Overview of Configuring WebLogic to use OAM Authentication

You can perform all the required Oracle WebLogic Server configuration under the Security Realms/Providers section.

After you initially configure a domain, the Providers tab has the following contents:

Figure 3-1 Providers Tab in Oracle WebLogic Server


To configure Oracle Access Manager (OAM), you must set up two additional providers: one for LDAP and one for OAM.

3.2 Configuring an LDAP Provider

To configure an LDAP provider:

  1. Click New to create a new authentication provider.

  2. Enter a Name for the authentication provider.

  3. Select OracleInternetDirectoryAuthenticator as the Type:

    Figure 3-2 Creating a New Authentication Provider for LDAP

  4. Click OK.

  5. Select the name of the newly created provider from the list and set the Control Flag to SUFFICIENT.

  6. Click Save.

  7. Select the Provider Specific tab.

  8. Set the following fields, leaving the remaining fields with default values:

    Field          Value
    -------------  -----------------------------------------------------------------------
    Host           hostname of the OID server
    Port           OID port
    Principal      DN of an LDAP user with sufficient rights to search for users and groups
    Credential     credential for the host
    User Base DN   LDAP base DN
    Group Base DN  LDAP base DN

  9. Set provider properties. For information, see "Setting Provider Priorities".

  10. Ensure that the Control Flags are set to SUFFICIENT on the default and LDAP providers.

  11. After configuring providers, adjust the order. This can be done after adding each provider or as the final step.

  12. Restart the admin server. Note that this must be done after all configuration changes.

  13. In the admin console, verify that you can see the LDAP users and groups.

  14. Ensure that there is a mapping to the EDQ administrators group, either because your LDAP contains an Administrators group containing an EDQ user, or by adding a new mapping to login.properties.

  15. Start the EDQ server.

  16. Verify that you can log in to EDQ using an LDAP user.

  17. Configure any additional external group mappings in the EDQ admin console.

3.3 Configuring an Oracle Access Manager Provider

To configure an Oracle Access Manager (OAM) provider:

  1. On the providers list, click New and enter OAM as the name and OAMIdentityAsserter as the type:

    Figure 3-3 Creating a New Authentication Provider for OAM

  2. Click OK.

  3. Select OAM from the list and select the Common tab.

  4. Set the control flag to REQUIRED:

    Figure 3-4 Configuring the Provider

  5. Click Save.

  6. Select the Provider Specific tab.

  7. Set the following fields, leaving the remaining fields with default values:

    Field                  Value
    ---------------------  ------------------------------------------------------------------------------
    Access gate name       The host name that you configured when you created the authentication provider.
                           Use the plain host name without domain.
    Primary Access Server  The primary Access Server, configured as host:port.

  8. Move OAM to the top of the providers list, just above the LDAP providers.

  9. Click Save to complete the provider definition.

3.4 Setting Provider Priorities

To set the provider priorities:

  1. On the Providers list, select DefaultAuthenticator and change the Control Flag to SUFFICIENT:

    Figure 3-5 Setting Provider Priorities

  2. On the Providers list, click Reorder and move OAM to the top with the <provider_name> second:

    Figure 3-6 Reordering Authentication Providers


Once the server is restarted, WebLogic is ready for OAM use. EDQ now gets all information from the LDAP provider, and the original user weblogic no longer works in EDQ. Instead, log in as user edqadmin with password welcome1.
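The reason step 10 of section 3.2 and step 1 of section 3.4 insist on SUFFICIENT for the DefaultAuthenticator is the JAAS control-flag semantics WebLogic applies when it walks the ordered provider list. The following model is an added example, not Oracle code: it simulates password-based authenticators only (the OAMIdentityAsserter is a perimeter identity asserter and is not modelled), and the provider names, user stores and passwords in it are constructed. It shows that with the DefaultAuthenticator left at REQUIRED, an LDAP-only user such as edqadmin can never log in, because the embedded realm's failure vetoes the OID provider's success.

```python
"""Model of how WebLogic walks an ordered list of authentication providers
using JAAS control flags (REQUIRED, REQUISITE, SUFFICIENT, OPTIONAL).

Added example, not Oracle code. Password-based authenticators only; the
OAMIdentityAsserter is a perimeter identity asserter and is not modelled.
The user stores and passwords below are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class Authenticator:
    name: str
    control_flag: str                          # REQUIRED | REQUISITE | SUFFICIENT | OPTIONAL
    users: dict = field(default_factory=dict)  # user -> password (constructed store)

    def login(self, user, password):
        return self.users.get(user) == password


def authenticate(chain, user, password):
    """Return True if the ordered chain accepts the credentials, per JAAS rules:
    every REQUIRED/REQUISITE provider must succeed; a SUFFICIENT success ends
    the walk early unless an earlier REQUIRED/REQUISITE provider already failed."""
    required_seen = False
    required_failed = False
    optional_success = False
    for auth in chain:
        ok = auth.login(user, password)
        flag = auth.control_flag
        if flag == "REQUISITE":
            required_seen = True
            if not ok:
                return False            # stop immediately
        elif flag == "REQUIRED":
            required_seen = True
            if not ok:
                required_failed = True  # keep walking, but the overall result is failure
        elif flag == "SUFFICIENT":
            if ok and not required_failed:
                return True             # success: later providers are not consulted
        elif flag == "OPTIONAL":
            optional_success = optional_success or ok
        else:
            raise ValueError(f"unknown control flag {flag!r}")
    if required_seen:
        return not required_failed
    return optional_success


def build_chain(default_flag, oid_flag):
    """Embedded LDAP realm first, then the OID authenticator, as ordered on this page."""
    embedded = Authenticator("DefaultAuthenticator", default_flag, {"weblogic": "changeme"})
    oid = Authenticator("OID", oid_flag, {"edqadmin": "welcome1"})
    return [embedded, oid]


def ldap_user_can_login(default_flag, oid_flag="SUFFICIENT"):
    """Can an LDAP-only user (edqadmin) log in with the given DefaultAuthenticator flag?"""
    return authenticate(build_chain(default_flag, oid_flag), "edqadmin", "welcome1")


if __name__ == "__main__":
    print("DefaultAuthenticator REQUIRED  :", ldap_user_can_login("REQUIRED"))    # False
    print("DefaultAuthenticator SUFFICIENT:", ldap_user_can_login("SUFFICIENT"))  # True
```

With both providers SUFFICIENT, the embedded realm's miss on edqadmin is simply skipped and the OID provider's match completes the login; the built-in weblogic user still authenticates against the embedded realm at the WebLogic level, which is why the page's note that weblogic "no longer works in EDQ" is an EDQ-side consequence of reading users from LDAP, not a WebLogic rejection.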

3.5 OAM Configuration

A WebGate configuration must be created in OAM for use with the EDQ/OHS installation. The WebGate must be configured to use the same LDAP provider as WebLogic and HTTP resources must be set up as follows:

    Resource                     Policy
    ---------------------------  -------------------------------------
    /edq/faces/**                Protected Resource Policy
    /edq/blueprints/*/jnlp       Protected Resource Policy
    /edq/**                      Public Resource Policy (or excluded)

3.6 Installing Oracle HTTP Server

Install Oracle HTTP Server (OHS) 11 or 12 and the WebGate extension. WebGate software is shipped with OHS 12. The WebGate intercepts HTTP requests from users for Web resources and forwards them to the Access Server for authentication and authorization.

If you use OHS 12, the WebGate software is bundled and you do not need a separate download. For more information, see Installing the WebGate in Oracle Access Manager Installation Guide.

Configure the WebLogic plugin to forward /edq to WebLogic:

<Location /edq>
  SetHandler weblogic-handler
  WebLogicHost managedserverhost
  WebLogicPort managedserverport
</Location>

Finally, install the WebGate artifacts and restart OHS to complete the installation.
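Once OHS and the WebGate are in place, the policies from section 3.5 can be checked end to end by requesting each resource through OHS without following redirects: a protected path must be bounced to the OAM server (or answered 401), and a public path must not be. The script below is an added example, not Oracle code. It resolves which of the three policies applies to a path (treating `*` as matching within one path segment and `**` across segments, and letting the pattern with the most literal characters win, which is a simplification of OAM's best-match rule), audits a set of observed responses, and includes a `probe` helper for collecting real observations. The OAM host `oam.example.com`, the `obrareq.cgi` redirect URL and the sample observations are constructed.

```python
"""Resolve OAM resource policies for EDQ paths and audit WebGate behaviour.

Added example, not Oracle code. Patterns and policy names come from
section 3.5; the matching rule is a simplification of OAM best-match,
and OAM_HOST plus SAMPLE_OBSERVATIONS are constructed for illustration.
"""
import re
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Resource policies from section 3.5.
POLICIES = [
    ("/edq/faces/**", "Protected"),
    ("/edq/blueprints/*/jnlp", "Protected"),
    ("/edq/**", "Public"),
]

OAM_HOST = "oam.example.com"  # assumed OAM server host (constructed)


def pattern_to_regex(pattern):
    """Translate an OAM-style URL pattern into an anchored regex:
    '**' spans path segments, '*' stays within one segment."""
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out, i = out + ".*", i + 2
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile("^" + out + "$")


def resolve_policy(path, policies=POLICIES):
    """Return the policy applying to path (most literal characters wins), or None."""
    best = None
    for pattern, policy in policies:
        if pattern_to_regex(pattern).match(path):
            literal = len(pattern.replace("*", ""))
            if best is None or literal > best[0]:
                best = (literal, policy)
    return best[1] if best else None


def redirected_to_oam(status, location):
    """True if the response is a redirect whose target host is the OAM server."""
    host = urlparse(location or "").hostname
    return status in (301, 302, 303, 307) and host == OAM_HOST


def audit(observations, policies=POLICIES):
    """observations: (path, status, location) tuples. Returns a list of findings."""
    findings = []
    for path, status, location in observations:
        policy = resolve_policy(path, policies)
        challenged = redirected_to_oam(status, location) or status == 401
        if policy is None:
            findings.append(f"{path}: no OAM policy matches this path")
        elif policy == "Protected" and not challenged:
            findings.append(f"{path}: protected resource served without OAM challenge (HTTP {status})")
        elif policy == "Public" and challenged:
            findings.append(f"{path}: public resource unexpectedly challenged by OAM")
    return findings


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # surface 3xx as HTTPError instead of following it


def probe(base_url, paths):
    """Fetch each path through OHS without following redirects; returns observations."""
    opener = urllib.request.build_opener(_NoRedirect)
    results = []
    for path in paths:
        try:
            with opener.open(base_url + path, timeout=10) as resp:
                results.append((path, resp.status, resp.headers.get("Location")))
        except urllib.error.HTTPError as err:
            results.append((path, err.code, err.headers.get("Location")))
    return results


SAMPLE_OBSERVATIONS = [  # constructed responses, as probe() would return them
    ("/edq/faces/login.jsf", 302, f"https://{OAM_HOST}/oam/server/obrareq.cgi?encquery=..."),
    ("/edq/blueprints/director/jnlp", 200, None),   # misconfiguration: should be challenged
    ("/edq/images/logo.png", 200, None),
    ("/console/", 200, None),                        # outside every policy on this page
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_OBSERVATIONS):
        print(finding)
```

Run against a live installation with `audit(probe("https://ohs-host", [...]))`; a protected resource that comes back 200 means the WebGate is not intercepting it, which is exactly the gap the "Protected Resource Policy" entries are meant to close.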